Cyber Security News for 4 Apr 2020

  1. “2020 is going to be a rough year. In my judgment, there are five major trends to watch out for in 2020” https://www.recordedfuture.com/ransomware-trends-2020/
  2. “A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.” https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
  3. “Mozilla released Firefox 74.0.1 and Firefox ESR 68.6.1 earlier to address two critical vulnerabilities actively abused in the wild that could lead to remote code execution on vulnerable machines. The two security flaws fixed today could potentially allow attackers to execute arbitrary code or trigger crashes on machines running vulnerable Firefox versions.” https://www.bleepingcomputer.com/news/security/mozilla-patches-two-actively-exploited-firefox-zero-days/
  4. “A hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.” https://www.blackhatethicalhacking.com/news/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/
  5. “A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program that was introduced this week by the Mutually Agreed Norms for Routing Security (MANRS) global initiative. MANRS over the past six years has worked to build up a team of 300 network operators, internet exchange points (IXPs) and other companies to provide “crucial fixes to reduce the most common routing threats.”” https://threatpost.com/cloud-cdns-team-internet-routing-attacks/154434/
  6. “The Facebook representatives specifically told NSO Group they wanted to monitor users on Apple devices, NSO Group CEO Shalev Hulio said, according to court documents obtained by CyberScoop.” https://www.cyberscoop.com/facebook-nso-group-lawsuit-onavo/
  7. “On March 23, 2020, I found a publicly exposed and editable Google Sheets document that provided information to various NBC-owned local news stations. I reached out to the Data Visualization and Multimedia team at NBCUniversal Media, and they responded very quickly; the document was locked down by close of business the same day! Kudos to NBC for acting quickly and resolving this issue!” https://www.contrastsecurity.com/security-influencers/google-sheets-stored-xss-vulnerability-covid-19-table
  8. “Security researcher Bill Demirkapi found ten different vulnerabilities within the HP Support Assistant software, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities.” https://www.bleepingcomputer.com/news/security/windows-pcs-exposed-to-attacks-by-critical-hp-support-assistant-bugs/
  9. “The vulnerability exists in OpenWrt’s package manager used to install or update OpenWrt. A security researcher has found that the process used to ensure the integrity of update files is not working properly. This means that a hostile cyber actor could sneak malicious code into the update process.” https://protocol46.com/critical-flaw-in-openwrt-software/
  10. “The Department of Justice and Offices of the United States Attorneys are warning that ‘Zoom-bombing’ is illegal and those who are involved can be charged with federal and state crimes.” https://www.bleepingcomputer.com/news/software/doj-says-zoom-bombing-is-illegal-could-lead-to-jail-time/
  11. “Security experts at FortiGuard Labs discovered a new Coronavirus-themed campaign using alleged messages from the World Health Organization (WHO) to deliver the LokiBot trojan. The campaign was uncovered on March 27 when the researchers noticed messages claiming to be WHO communications to address misinformation related to the COVID19 outbreak.” https://securityaffairs.co/wordpress/101058/malware/coronavirus-campaign-who-lokibot.html

#ransomware #discord #anarchygrabber #malware #elasticsearch #routehijacking #routeleaks #ipaddressspoofing #manrs #openwrt #lokibot